IP · Medium · Signal 44/100
167.94.146.29
Location
Frankfurt am Main, Hesse
ASN
AS398705
Censys, Inc.
First Seen
Nov 9, 2021
Last Seen
Jun 17, 2026
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
44%
Signal Score
44 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region
Frankfurt am Main, Hesse
ASN
AS398705
Organization
Censys, Inc.
IP Category
Proxy
Proxy server
Feed Intelligence Summary
29 reports · 44% confidence
29
Source reports
44%
Confidence score
Category tags
Activity Timeline
Jun 17
Threat Activity Heatmap
Peak: 2026-06-17
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat Score
Medium Risk
44
SIGNAL
Signal Score
44%
Confidence
29
Reports
First seen
Nov 9, 2021
Last seen
Jun 17, 2026
Geolocation
US
Country
United States
Location
Frankfurt am Main, Hesse
ASN
AS398705
Org
Censys, Inc.
Coords
50.0987, 8.6323
Proxy
VirusTotal
Not checked
WHOIS
- description
- The following is the full text of the DShield.org block list, compiled by the organisation's own staff and copyrighted by its own developers, subject to copyright and other conditions, and is copyrighted.
  Data Sources:
  https://feeds.dshield.org/feeds/topips.txt
  https://feeds.dshield.org/feeds/top10.txt
  https://feeds.dshield.org/feeds/block.txt
  https://feeds.dshield.org/feeds/daily_sources
  THIS IS NOT A BLOCKLIST! DATA IS UNFILTERED AND CONTAINS FALSE POSITIVES.
- raw
- NetRange: 167.94.145.0 - 167.94.146.255
  CIDR: 167.94.145.0/24, 167.94.146.0/24
  NetName: CENSY
  NetHandle: NET-167-94-145-0-1
  Parent: NET167 (NET-167-0-0-0-0)
  NetType: Direct Allocation
  OriginAS: AS398705
  Organization: Censys, Inc. (CENSY)
  RegDate: 2021-09-13
  Updated: 2023-08-05
  Ref: https://rdap.arin.net/registry/ip/167.94.145.0

  OrgName: Censys, Inc.
  OrgId: CENSY
  Address: 116 1/2 S Main Street
  City: Ann Arbor
  StateProv: MI
  PostalCode: 48104
  Country: US
  RegDate: 2018-08-06
  Updated: 2019-08-03
  Comment: https://censys.io
  Ref: https://rdap.arin.net/registry/entity/CENSY

  OrgTechHandle: COT12-ARIN
  OrgTechName: Censys Operations Team
  OrgTechPhone: +1-248-629-0125
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN

  OrgAbuseHandle: CAT20-ARIN
  OrgAbuseName: Censys Abuse Team
  OrgAbusePhone: +1-248-629-0125
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN

  OrgNOCHandle: COT12-ARIN
  OrgNOCName: Censys Operations Team
  OrgNOCPhone: +1-248-629-0125
  OrgNOCEmail: [email protected]
  OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN
IOC Journey
Medium · First detected 4 years ago · Last seen 4 days ago
Appeared in 29 threat reports